Description
_get_common_name() in AbstractVpnClient (config/base/vpn.py) directly mutates device.name on the live object:
d = self.config.device
d.name = d.name[:end] # mutates live object
This causes:
1. Truncated certificate display name — _auto_x509() calls _get_common_name() first, then passes self.config.device.name to _auto_create_cert(name=...). Since the device name is already truncated in memory, the certificate's name field stores the truncated version instead of the original device name.
2. In-memory state corruption — any code accessing device.name later in the same request (signal handlers, admin display, logging) sees the truncated value instead of the actual device name.
Steps to reproduce
1. Create a device with a name longer than 63 - len(mac_address) characters (e.g. 80 chars)
2. Attach an OpenVPN template with auto_cert=True
3. Save — the certificate's name field will have the truncated device name
4. device.name in memory will also be truncated for the rest of the request
Expected behavior
The certificate should store the full original device name, and device.name should not be mutated in memory.
Description
_get_common_name()inAbstractVpnClient(config/base/vpn.py) directly mutatesdevice.nameon the live object: